b9aea4fa05a050454cdf2b78a1b79c16401f1e655a8d854f32478e292436ac3b

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2025 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_6a9e95ba213b655795e437de999e1df0.html
Size

279KB
MD5

6a9e95ba213b655795e437de999e1df0
SHA1

ac50bc21842ab3ce7a60490d57c5b6dedb986ee7
SHA256

b9aea4fa05a050454cdf2b78a1b79c16401f1e655a8d854f32478e292436ac3b
SHA512

4bed99ff0bcbc36ca31c3d2ccfe582a5d5c10a7c73cc6a6824b54b4f85486396b98b277d600424c7ba57da8d39023f8d5348b22c4055268bc7d3427514ef2b82
SSDEEP

3072:1sWv3od2hs559Wxd6wAk+ZbXtDoFVvvkPzVGScoLvxn4pMcC0q14uPG+hNBJZ8EE:UoG+qjRx+bNp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
1720	msedge.exe
1720	msedge.exe
2036	identity_helper.exe
2036	identity_helper.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 4752	1720	msedge.exe	83
PID 1720 wrote to memory of 4752	1720	msedge.exe	83
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 756	1720	msedge.exe	84
PID 1720 wrote to memory of 4896	1720	msedge.exe	85
PID 1720 wrote to memory of 4896	1720	msedge.exe	85
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86
PID 1720 wrote to memory of 3768	1720	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6a9e95ba213b655795e437de999e1df0.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99b7b46f8,0x7ff99b7b4708,0x7ff99b7b4718
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1200 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1188 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16528842970228379997,2150467908227744933,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
095ce818e7bb902570b0d8de4db628b6

SHA1
c5b72483ce543189e324a95633e74ad295cc61af

SHA256
524408ecd9ffc2605f8d85802c1eab8f12263bba0c86bea8d3e9e6aac94f408f

SHA512
34094da37c09e7e6b06be10420266e651b03a07b77478e2abf03e75dfc749c1845da2e932b24269fdf1ccd91f870e3626db35b9d2d585455c28a3fe00f8c87a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
ac96905862f3a79710a412ed79bd6171

SHA1
e3b3253ee608a21f44cc4ba0644a4478e9b99543

SHA256
3aa9f0b5cfc8ca31e2b2fa013b30746d436c37c29fcc39a32c4445ca445497c4

SHA512
c268c193742e395780495fdb8dd01d81d9725b9dcf06c3f4baf95839c364b5dec9b67f85faebdb5fddcbf95697dd5bc162472974a9a00b3b0ed42af556764b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1b2ef2e40172cf5a34dfa96092f10823

SHA1
41a2b50c884bf368d4cc6adf9f328f26d7992437

SHA256
9a60f896632802e7729f830dc5e6dded3d57b16eebb51a5a1424a8087c3779ef

SHA512
e7b8b676eac56dd684504d4fac4f301a9934caa37495d0979fff9803e1b1c3285ae80cb47751ebea636c4cf6a184ee0a7629da4020f73c61b774c11a9d3f7c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d5d81cb79db62943adb2a0dd5cb6ae4e

SHA1
2d43ed832ebc6e918c8e63c79369b5f99a77d0f2

SHA256
97aade26d1ceb516d25d408cff2cfc3f24ca73279475f9d1a25aa30befe9eef8

SHA512
f440b913e874444e958ee1e17b8369f92c428825fafd630936e914940693188e53e153e1873c8af0db3ea24cb48c38b7f20b4589292f077d479d3d1892e613ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
84fb36dd4536a06ff19ea4f3708f3698

SHA1
066ec09ce7708de117a2a7e6de8d7e4dd40abb97

SHA256
baed7de291081043d05d147d2a7fd289b19784463fc710dd03aa36bc78d38582

SHA512
d2415699205ae829d5c182dd23d4d989dc8756c7a27eec1c5bf39ff2dfe1b42f4e09d672d7d44ca07b6c7ad981ac448660bc8faa786888f01ca849e5fabcf9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
e10841ca1717b25820b39acf09e378c7

SHA1
a227bc803dbc8aff157fe11b692888ac49201d35

SHA256
87606f4d16587d29153b616a766ccd4ea2e95a964f016226284b62c1d776c284

SHA512
4e57163892600b2b6278f5a8d18f3dcc858e3e39bae32c9f6c2e2eab7be91c69a48af6a8aff6af7d009afa5e6e5af7b9bfb6952c82bfa859f915ee61d0fdf4e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
05ebcec55e21293940c1d75a5258da20

SHA1
43aa16a33f37f709879d78431bcb5def6799b93f

SHA256
ae84ded52cbbc7fce448f4cff1f80afec6e891f1fe5edcfa194fce8e800f6014

SHA512
6a96b929e721607b5ae881e6a8168bd183c32be20b1b1fee349ced9d9c4fa8402178e9077a2d845702c4002625275277cda79f312788f0aadc61fcfd1dcaa622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
e41b6199f504e1f276c8bae00ac40b0f

SHA1
99cc3c63a202dae76a03ac112fbe914a8c378969

SHA256
6dafd4d04441027c5a0c6d6a13a4a9067f9066fb5f087a5c4743eb326eacd2ba

SHA512
52b451076f22f90723d2aaaf34da5aa86535f7fc577a98dac2364e772fa52a706b8cfba0df181b7be08b826761c3ebf2ab3a4a16e94f9376501d7fa8064c719e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5912a4.TMP

Filesize
539B

MD5
33abd19953aec8896a5b1f9c2e67ab2f

SHA1
c0298261e7b49ccfc79b61eb93463d8e131c7563

SHA256
21183f6adeba4fd07157b84a4506262780640ba81d9b676304641c9a06aa6ba5

SHA512
33665ba28795b277628f624ed402710276fcc3dff9eb6b84e73d38e8a6b6751ab2e3b2413a68cbc7c1e0ffa6a8598b9b475e4a43aa115fd91d0e91cbd3513373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ac943b41-95c0-4202-b240-c653e397297a.tmp

Filesize
5KB

MD5
294ba1faa49c5782f68e4d6a5b960dc2

SHA1
86aa6cf42f9e8c62fe8712f1215ca316bae5c8af

SHA256
6fcc5cf51eff20cd543370fe0112f09dfc82f0f6b3dcb0ae6e2a89d49b75ace0

SHA512
874f8a46a4d46f940ae4e74605cc695c3b9b6b397b89cd991d7ba98025418b43af8c0660db9fad183d187a161e34500b94d2af81f1420803f0122f02f990e5a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d9cd04da913689844d44d3f72dd141b1

SHA1
824f50b4fb879ff247acc62930adf0a92ab22233

SHA256
e10ff02a76d686005a9fd8d1d3fcf599f4394f66d9a0ae1c5026bb54f359dabc

SHA512
51a0ccff3a6e9ad3092dc0e45be87e0342fc906cc23862e59e3a91d04dea6d21bfb7463b74ab5ee6f440744a85405020c1e718b24dd5bf457251b7e99f78dac0

Download Submit